Security Manager, Vulnerability Research

GitLab


5 months ago

09/04/2019 10:21:23

Job type: Full-time

Category: Software Development


This position is remote based.

GitLab is building a research team that will focus on improving GitLab’s security detection capabilities, including SAST/DAST and future products. For more information about our security products, please review https://about.gitlab.com/direction/secure/ and https://about.gitlab.com/direction/defend/.

This team will work directly with the GitLab Security, Development, and Product teams to build, tune and improve the efficacy of GitLab’s stand-alone detection products. 

Managers in the Security Department at GitLab see the team as their product. While they are technically credible and know the details of what vulnerability research engineers work on, their time is spent hiring a world-class team and putting them in the best position to succeed. They own the delivery of security commitments and are always looking to improve productivity. They must also coordinate across departments to accomplish collaborative goals.

As a member of the security team at GitLab, you will be working towards raising the bar on security. We will achieve that by working and collaborating with cross-functional teams to provide guidance on security best practices.

The Security Team is responsible for leading and implementing the various initiatives that relate to improving GitLab's security.

Responsibilities

  • Hire a world-class team of vulnerability research engineers to work on their team

  • Help vulnerability research engineers grow their skills and experience

  • Provide input on vulnerabilities, issues, and security features

  • Hold regular 1:1s with all members of their team

  • Create a sense of psychological safety on your team

  • Recommend security-related technical and process improvements

  • Author project plans for security initiatives

  • Draft quarterly OKRs

  • Train engineers to screen candidates and conduct managerial interviews

  • Strong sense of ownership, urgency, and drive

  • Excellent written and verbal communication skills, especially experience with executive-level communications

  • Ability to make concrete progress in the face of ambiguity and imperfect knowledge

Requirements

  • You have a passion for security and open source

  • You are a team player, and enjoy collaborating with cross-functional teams

  • You are a great communicator

  • You employ a flexible and constructive approach when solving problems

  • You share our values, and work in accordance with those values

Compensation

Please view the compensation range for this role at the bottom of the position description.



